False positive warning of Trojan on download of DBM
madkort opened this issue · 13 comments
Hello, Devs.
Any explanations for this?
https://gyazo.com/964b147fb43e48e9cd7520ad21c017e1
Since when are you adding weird stuff to your addon?
RU translation: Trojan found with updating dbm with latest patch
I honestly have no idea. Our zips are created by a community packager directly from repo, which means they include no files you can't see directly in the GitHub repository. It also can't be introduced by the packager, since that's also open source on GitHub and not intruding anything. I'll need to contact CurseForge.
This is a false positive from Windows Defender, no other antivirus triggers on this:
https://www.virustotal.com/gui/file/1f3520776f1931d8a2f37cbf0bff470cb67e9dcf9791f622cb6912d93b7b467a/detection
I got one too in English if it makes it any easier to fix, weirdly not the same file.
Happens if I try to update it through CurseForge
I got the same issue when trying to update DBM this morning. Deleted the Addon and tried again and then was hit with multiple trojan attempts, which were blocked by my firewall. I have removed the addon and won't be downloading it again until this is fixed. I hope you understand.
This is a false positive from Windows Defender, no other antivirus triggers on this:
https://www.virustotal.com/gui/file/1f3520776f1931d8a2f37cbf0bff470cb67e9dcf9791f622cb6912d93b7b467a/detection
I'm not using Windows Defender.
It looks like it’s a hash collision on the zip file itself. It shares a hash with a known malware zip.
You can literally download the first alpha after 9.1.9, 9.1.9-1, and it'll show clean, and the only difference between those two files if you do an exact file compare is the version number.
I'll be doing a new tag regardless to avoid paranoia and delete the zip that has the hash collision.
New post on issue here: https://www.patreon.com/posts/55047651
Gonna close ticket now since things are getting quieter. I think the false flag was already corrected.
Reopening for visibility for now. To resolve this, update Windows Defender to latest definitions. Refer to https://www.microsoft.com/en-us/wdsi/defenderupdates for instructions.
To learn more about what happened, read:
https://www.patreon.com/posts/dbm-9-1-9-false-55047651
just got
Trojan:Script/Sabsik.FL.A!ml
on DBM-Core-9.1.9.zip
from Windows Defender
Just had this same problem happen to me 30 minutes ago, and the same multiple trojan warnings. Plus one other add on does it too, but it won't let me update DBM and it keeps crashing Curse Forge. I also use Windows Defender but get slight differences in report details, just like everyone else. I hope you can get to the bottom of this soon.
Reopening for visibility for now. To resolve this, update Windows Defender to latest definitions. Refer to microsoft.com/en-us/wdsi/defenderupdates for instructions.
To learn more about what happened, read:
patreon.com/posts/dbm-9-1-9-false-55047651
The solution is here. Locking topic for now so new replies don't keep burying the solution/info about it. Please read the stated links.
Reopening same issue as last time just to signify how silly this is. Literally same false positives yet again on one year anniversary. Can't even make that up. My guess, was probably never actually fixed, and whitelist was only for one year or something... Total guess, but can't be coincidence on that timing.
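The "exact file compare" between a flagged release zip and a clean one, mentioned earlier in the thread, can be reproduced member by member. This is an added example, not part of the original thread or the project's code; the archive contents, file names and function names are constructed for illustration.

```python
import difflib
import hashlib
import io
import zipfile


def build_zip(files):
    """Build an in-memory zip from {name: text} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


def member_hashes(zip_bytes):
    """Map each file member to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def compare_archives(old_bytes, new_bytes):
    """Report members added, removed or changed between two archives."""
    old, new = member_hashes(old_bytes), member_hashes(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


def changed_lines(old_bytes, new_bytes, name):
    """Return the removed/added lines of one text member present in both archives."""
    with zipfile.ZipFile(io.BytesIO(old_bytes)) as a, \
            zipfile.ZipFile(io.BytesIO(new_bytes)) as b:
        old = a.read(name).decode("utf-8", "replace").splitlines()
        new = b.read(name).decode("utf-8", "replace").splitlines()
    # Drop the two file-header lines by position so that content lines that
    # themselves begin with "--" (Lua comments) are not mistaken for headers.
    diff = list(difflib.unified_diff(old, new, lineterm="", n=0))[2:]
    return [line for line in diff if line.startswith(("+", "-"))]


# Constructed sample archives: identical except for the version line.
LUA = "-- constructed addon code\nprint('hello')\n"
OLD = build_zip({"Addon/Addon.toc": "## Title: Addon\n## Version: 1.0.0\n", "Addon/core.lua": LUA})
NEW = build_zip({"Addon/Addon.toc": "## Title: Addon\n## Version: 1.0.0-1\n", "Addon/core.lua": LUA})
```

Comparing per-member hashes rather than the archive hash matters because zip timestamps and compression settings change the archive bytes even when every file inside is identical.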